Cyber Threats Yet Another Frontier in Anti-choice Arsenal

Recent cyber attacks on the British Pregnancy Advisory Service are a wake-up call reminding clinics that they should consider cyber security as part of an overall security strategy.

[img src]

Since Roe v. Wade was decided 39 years ago, reproductive health centers have taken security of person and property extremely seriously, installing motion detectors, screening incoming mail, and paying close attention to menacing protesters. Most have developed, or have tried to develop, close ties with law enforcers in an attempt to deter would-be terrorists. Furthermore, they’ve been schooled to recognize potential hazards—suspicious packages, unattended bags, and tiny holes through which foul smelling butyric acid might be injected into buildings.

Now, however, a new concern has entered the fray: Hacking.

Hacktivism elbowed its way into the reproductive health arena in early March when a 27-year-old Englishman named James Jeffery broke into the British Pregnancy Advisory Service’s [BPAS] website, defaced its home page, and stole 10,000 medical records. Although Jeffery was caught within 24 hours of the attack—he boasted about it on Twitter and was nabbed by Scotland Yard before he had a chance to disclose any of the confidential material he’d collected—the crime sent shock waves through the United Kingdom and beyond.

According to The Daily Mail, Jeffery became riled up after he learned that two acquaintances were scheduled to visit BPAS and have abortions. Taking the nom de guerre of deceased drug lord Pablo Escobar, BPAS staff came into work on March 8—yes, International Women’s Day—and found the following on-screen message: “An unborn child does not have an opinion, a choice, or other rights. Who gave you the right to murder an unborn child and profit from the murder?” The logo of the hacktivist group, Anonymous—a loosely-connected international network of hackers who have been credited with breaking into the computer systems of the Department of Justice, FBI, CIA, British Parliament, MasterCard, and Visa—was also displayed.

The Independent reports that on the day of the breach, a record 26,000 additional attempts to break into BPAS’s website were recorded; 2500 more attempts have occurred in subsequent months, a least half of them coming from US IP addresses. Although none save Jeffery have succeeded, the culprits of these attacks remain at large. An article that appeared in the The New Statesman on April 19th opined that, “The assault on BPAS’ cyber security is a renegade, bottom-up attack by what appears to be a collection of individuals rather than an organized political force.”

But who knows? 

It is important to note that BPAS is Britain’s largest abortion provider, performing approximately 53,000 terminations each year.  What’s more, as a network of more than 40 health centers scattered throughout the country, the organization dispenses EC and other contraceptives, does pregnancy testing, and provides options counseling to upwards of 60,000 patients a year. They also perform vasectomies.

For his part, Jeffery pled guilty to two charges under Britain’s Computer Misuse Act and was sentenced to 32 months in jail. He also wrote a letter of apology to BPAS that included—bizarre though it sounds–recommendations for beefing up their Internet security.

This, of course, raises the question of what clinics in the US and elsewhere—as well as individual clinicians, reproductive justice activists, and organizers—should do to minimize the likelihood of being similarly violated. According to security.ngoinabox.org, a website of the Tactical Technology Collective, an NGO that helps social justice organizations use technology and electronic mediums more effectively, the first imperative is staying manware, spyware, and virus free.  “New viruses are written and distributed every day and your computer will quickly become vulnerable if you don’t keep up with new virus definitions,” TTC warns. Some of their recommendations are common sense: Never open attachments from unknown senders and periodically scan all the files in your computer. They further recommend disabling unused Windows programs and installing free and open source software and an additional firewall—they propose Comodo—to protect the network.  Lastly, the group suggests that computers be disconnected from the Internet when they are not in use and completely shut down after hours.

Is this enough, you ask? Experts agree that the answer is no.

Marco, a west coast IT security specialist who asked that neither his surname nor employer be disclosed, is adamant that health centers can minimize the chances of receiving viruses or being hacked, but can never be wholly safe.  “Overall,” he begins, “it is hard to protect any sort of data, including classified material, from a motivated attacker. While there are defenses out there to slow things down and make it tougher, most defenses are expensive to buy and maintain, often costing too much for a small clinic. My generic advice is to use cloud computing or SaaS, Software as a Service, providers for their security advantages. They can’t do everything and are not perfect, but they can do more than the average non-technology company or clinic.”

Marco likens such contracting to making a decision about whether to keep a gold watch at home or placing it in a safe at the local bank.. “The bank has armed guards, cameras, and 24-hour surveillance to protect their customers’ safety deposit boxes,” he continues. “I could build a secure location in my home, but chances are I can’t afford the 24-hour guards or other measures. Using a Cloud or SaaS provider, or any entity that offers a base set of security protections, might be a good fit for a clinic trying to make sure its IT infrastructure is relatively secure.”

While these suggestions may seem like small comfort, the BPAS break-in was a wake-up call, reminding clinics that they have to incorporate cyber security into their everyday work. For while James Jeffery will remain behind bars until 2015, it’s a safe bet that anti-choice hacktivists with a penchant for sabotage will see Jeffery’s incarceration as a call to arms. Indeed, if it wasn’t obvious before it’s obvious now: Cyber threats are yet another frontier in the anti-abortion movement’s anti-woman arsenal.

Nearly 400 years ago, in 1615, Miguel de Cervantes wrote that to be forewarned is to be forearmed.  Could he possibly have imagined the statement’s continued relevance?